46% of SMEs do not have an employee responsible for data security within their organisations

Shred-it calls on Government to introduce legislation to ensure every workplace has a data security officer in place

16 November 2015 – UK businesses are putting themselves at risk of fraud resulting from a security breach by not assigning an employee to be responsible for information security education and implementation within their organisation, the UK’s leading information destruction expert, Shred-it, has warned.

Nearly half (46%) of small business owners have no employee responsible for managing data security issues a Shred-it survey conducted by Ipsos MORI found, compared to just 8% of C-suites. Even more concerning, more than a quarter (27%) of small businesses do not have information security policies and procedures in place; a third of those who do admit to never training their employees on these protocols, according to Shred-it’s State of the Industry report.

This year, Shred-it is an official Fraud Week supporter and to mark the event, Shred-it is calling on the UK Government to implement legislation to ensure all businesses have a dedicated employee responsible for raising awareness of the importance of data security, understanding changes to legislation and enforcing data security procedures in the workplace.

“There is a strong correlation between data security practices and data breaches. Introducing legislation which mandates an employee specifically responsible for raising awareness of data security in the workplace and implementing a ‘culture of security’, will help protect businesses against fraud and help them avoid financial or legal penalties,” says Robert Guice, Senior Vice President EMEA, Shred-it.

Since April 2010, the Information Commissioner’s Office (ICO) has issued over £7 million worth of fines to organisations that have experienced a data breach. Despite such high figures and the irreversible damage to a company’s reputation as a result of a breach, businesses are still not doing enough when it comes to data security.

To ensure all companies in the UK follow similar standards in Data Protection compliance, Shred-it urges the Government to introduce legislation which ensures organisations have dedicated employees responsible for managing and monitoring data security issues on a day-to-day basis. If data security is not made a priority, businesses are left exposed to data breaches, fraud, heavy legal fines from the ICO and other regulatory bodies, and loss of customers and business partners - all of which can cause irreversible damage.

In addition to appointing a Data Protection Officer, companies can reduce the risk of workplace fraud by following these all important tips:

Employee training: Frequent training on the risks of fraud and how to prevent it.

Education: Educate employees about vulnerable areas to avoid leaving confidential information in the office and off-site.

Remain vigilant: Teach employees how to identify the behaviours associated with workplace fraudsters and to report anything suspicious!

Introduce a shred-all policy: Enforcing a Shred-all policy means all documents are destroyed prior to disposal or recycling, helping to ensure confidential information does not fall into the wrong hands through human error.

Visit Shred-it’s resource centre for more information on how companies can safeguard themselves against a data breach.

-ENDS-

Notes to editors

About Shred-it
Shred-it is a world-leading information security company providing information destruction services that ensure the security and integrity of our clients' private information. The company operates in 170 markets throughout 18 countries worldwide, servicing more than 400,000 global, national and local businesses. For more information, please visit www.shredit.co.uk.

About Fraud Awareness Week
International Fraud Awareness Week, taking place the week 15 -21 November 2015, champions the need to proactively fight fraud and help safeguard business and investments from the growing fraud problem.